From: Jerry Leichter <leichter <at> lrw.com>
Subject: Re: init.d/urandom : saving random-seed
Newsgroups: gmane.comp.encryption.general
Date: Sunday 1st August 2010 04:00:39 UTC
On the question of what to do if we can't be sure the saved seed file  
might be reused:  Stir in the date and time and anything else that  
might vary - even if it's readily guessable/detectable - along with  
the seed file.  This adds minimal entropy, but detecting that a seed  
file has been re-used will be quite challenging.  A directed attack  
can probably succeed, but if you consider the case of a large number  
of nodes that reboot here and there and that, at random and not too  
often, re-use a seed file, then detecting those reboots with stale  
seed files seems like a rather hard problem.  (Detecting them  
*quickly* will be even harder, so active attacks - as opposed to  
passive attacks that can be made on recorded data - will probably be  
out of the question.)

I wouldn't recommend this for high-value security, but then if you're  
dealing with high-value information, there's really no excuse for not  
having and using a source of true random bits.
                                                         -- Jerry
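The stirring the post describes, as an added example that is not code from the post or from any init.d script: the possibly-reused seed file keys an HMAC-SHA256 over a few length-prefixed values that change between boots (clock, hostname, PID are assumed here as the varying inputs; the 64-byte seed is a constructed stand-in). The last function shows the caveat Jerry states: when the seed file and the other inputs are known, the only thing left to guess is the clock, so a directed search over a small window reproduces the derived seed.

```python
import hashlib
import hmac
import os
import socket
import time


def mix_seed(saved_seed: bytes, varying_inputs: list) -> bytes:
    # HMAC keyed by the saved seed over the length-prefixed varying inputs.
    # This masks reuse of the seed file; it adds real entropy only to the
    # extent the varying inputs are unpredictable to an attacker.
    h = hmac.new(saved_seed, digestmod=hashlib.sha256)
    for item in varying_inputs:
        h.update(len(item).to_bytes(4, "big"))
        h.update(item)
    return h.digest()


def boot_inputs(now: int, hostname: str, pid: int) -> list:
    # Low-entropy but varying values available at boot (assumed set).
    # A real init script could stir in anything else that differs per boot.
    return [str(now).encode(), hostname.encode(), str(pid).encode()]


def current_boot_inputs() -> list:
    return boot_inputs(int(time.time()), socket.gethostname(), os.getpid())


def recover_clock(saved_seed: bytes, target: bytes, hostname: str, pid: int,
                  t_min: int, t_max: int):
    # Caveat from the post: with the seed file and the other inputs known,
    # a directed attacker need only guess the clock within a window.
    # Returns the matching timestamp, or None if nothing in the window matches.
    for t in range(t_min, t_max + 1):
        candidate = mix_seed(saved_seed, boot_inputs(t, hostname, pid))
        if hmac.compare_digest(candidate, target):
            return t
    return None


if __name__ == "__main__":
    stale = b"\x11" * 64  # constructed stand-in for a reused random-seed file
    print(mix_seed(stale, current_boot_inputs()).hex())
```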